dpcnm2132
2017-04-12 08:26 阅读 69

Wordpress用户密码数据作为明文/导出Django的Wordpress用户密码

I have around 900 users in my wordpress, i am exporting these user data to my new platform that will be using Django.

My question is, how can i export these user's password as plaintext? if i cannot do it, i wanted to store it in "old_password" field in my new database, but i want to know how to "match" text with the old_password? because my plan is that when the user login, i will try to find the user with the same email and the hashed password, but i don't know what type of hashing function Wordpress used and the equivalent of that function in Python Django.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

2条回答 默认 最新

  • 已采纳
    dongyou7739 dongyou7739 2017-05-07 07:02

    Use this library, https://github.com/jmoswalt/wp-to-django-users

    Basically you add django the capability to re-hash the old wordpress password, so that your old wordpress user can now use their same & old password on the new django site

    Within your settings.py file for your django project, add the following:

    PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher',
    'hashers_passlib.phpass',
    )
    

    then re-hash the password, and you are done.

    from django.contrib.auth.hashers import get_hasher
    hasher = get_hasher('phpass')
    user.password = hasher.from_orig(user.password)
    
    点赞 评论 复制链接分享
  • doumie7914 doumie7914 2017-04-12 08:38

    Modern password controls are explicitly designed to make deterministic computation of the plain text impossible. The only way, therefore, to determine it is by a "brute force" attack (try hashing all possible passwords until you find one that hashes correctly) or more sophisticated techniques like the use of rainbow tables, which reduce compute time but use a lot of storage.

    There's some information about WordPress password security in this article, which might help you, and this article contains PHP code you might repurpose by translating it into Python.

    It sounds, though, like the simplest way to proceed would be to validate the users' existing passwords against old_password on first login to the new site, then force them (by redirecting them to a specific page) to change their password, clearing the old_password field once this is done.

    点赞 评论 复制链接分享

相关推荐